CVE-2018-6495

Cross-Site Scripting (XSS) in Micro Focus Universal CMDB, version 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.0, CMS, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1 and Micro Focus UCMDB Browser, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1. This vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS).
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:microfocus:universal_cmdb:0.20:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:universal_cmdb:10.21:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:universal_cmdb:10.22:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:universal_cmdb:10.30:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:universal_cmdb:10.31:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:universal_cmdb:10.32:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:universal_cmdb:10.33:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:universal_cmdb:11.0:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:microfocus:universal_cmdb_browser:4.10:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:universal_cmdb_browser:4.11:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:universal_cmdb_browser:4.12:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:universal_cmdb_browser:4.13:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:universal_cmdb_browser:4.14:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:universal_cmdb_browser:4.15.1:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:microfocus:cms_server:4.10:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:cms_server:4.11:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:cms_server:4.12:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:cms_server:4.13:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:cms_server:4.14:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:cms_server:4.15.1:*:*:*:*:*:*:*

History

03 Mar 2023, 19:02

Type Values Removed Values Added
References (SECTRACK) http://www.securitytracker.com/id/1040970 - Third Party Advisory, VDB Entry (SECTRACK) http://www.securitytracker.com/id/1040970 - Broken Link, Third Party Advisory, VDB Entry

Information

Published : 2018-05-23 18:29

Updated : 2024-02-04 19:46


NVD link : CVE-2018-6495

Mitre link : CVE-2018-6495

CVE.ORG link : CVE-2018-6495


JSON object : View

Products Affected

microfocus

  • universal_cmdb_browser
  • universal_cmdb
  • cms_server
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')